{ config, pkgs, fetchurl, lib, ... }:

let
  dockerConfig = {
    ipv6 = true;
    fixed-cidr-v6 = "fd69:2074:9fcd:b0fd::/64";
    features = {
      buildkit = true;
    };
  };
in
{ virtualisation = {
  docker = {
      enable = true;
      enableOnBoot = false;
      liveRestore = false;

      extraOptions = "--config-file=${pkgs.writeText "daemon.json" (builtins.toJSON dockerConfig)}";

      autoPrune = {
        enable = true;
        dates = "Mon, 13:00";
      };
    };
  };
  networking.firewall.extraCommands = ''
    iptables  -A nixos-fw -p udp --source 172.17.0.0/24         -j nixos-fw-accept
    iptables  -A nixos-fw -p tcp --source 172.17.0.0/24         -j nixos-fw-accept
    ip6tables -A nixos-fw -p tcp --source ${dockerConfig.fixed-cidr-v6} -j nixos-fw-accept
    ip6tables -A nixos-fw -p udp --source ${dockerConfig.fixed-cidr-v6} -j nixos-fw-accept
  '';

  nix.gc.dates = "12:30";
  system.autoUpgrade.dates = "13:05";
}